MalwareTips
Security Review

Is hirednice.living legit or a scam?

Our verdict:Dangerous· 22/100

A malicious Marriott impersonation site used in coordinated phishing campaigns to harvest user data through fake gift offers.

Top reasons
Confirmed clone of the official Marriott websiteFlagged as spam by Abusix, alphaMountain.ai, and FortinetUsed as a sender for phishing emails promising fake gifts
hirednice.livingScanned 2h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 57·MT 5
Category tags
phishingspam#phishing#clone site#data harvester95% MT confidence
Positive signals (1)
Not on major blacklists

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
Registration date unknown
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Brand impersonation — not the real site

A malicious Marriott impersonation site used in coordinated phishing campaigns to harvest user data through fake gift offers. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Website Preview

Screenshot of hirednice.living
LIVE RENDER
hirednice.living

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust5/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
Our analysis confirms this domain is a direct clone of the Marriott website, designed to deceive users. It has been identified as the sender of fraudulent emails promising 'thank-you gifts' to recent hotel guests. Multiple security engines, including Abusix, alphaMountain.ai, and Fortinet, have flagged the domain for spam and malicious activity. The site lacks any legitimate business registration and is part of a wider network of suspicious domains using the .living extension. There is no evidence of legitimate operation, and the infrastructure is tied to known phishing patterns.
Full dossier
Analysis complete

Page Content

The site is a technical clone of marriott.com, designed to look identical to the official hotel portal. It uses this branding to lure victims into providing sensitive information under the guise of a loyalty reward or gift.

Infrastructure

The domain is hosted on an IP address (198.62.5.172) with a history of abuse reports. It lacks an SSL certificate, which is a major red flag for any site claiming to represent a global hospitality brand.

Domain History

The domain uses the .living TLD, which has been identified by threat researchers as a frequent choice for large-scale phishing campaigns. It has no established history or global traffic ranking, indicating it was created solely for this attack.

Web Reputation

Our antivirus network shows multiple detections for spam and phishing. Independent research has linked this specific domain to fraudulent emails captured in temporary inbox services, confirming its role in active credential harvesting.
Risk Factors
7
  • Confirmed clone of the official Marriott website
  • Flagged as spam by Abusix, alphaMountain.ai, and Fortinet
  • Used as a sender for phishing emails promising fake gifts
  • No SSL certificate present on a site requesting user interaction
  • Hosted on an IP block associated with multiple suspicious domains
  • No legitimate business registration or contact information found
  • Utilizes a high-risk TLD (.living) often used in fraud campaigns
AI Recommendation
Do not click any links or provide any personal information to this site. If you received an email from this domain, mark it as spam and delete it immediately.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for hirednice.living, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones marriott.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
1 scam report
Key findings
6 headline facts from open-web research
  • Domain hirednice.living appears exclusively in a temporary email inbox on fakemailgenerator.com as the sender domain for a Marriott phishing/spam email promising a thank-you gift.
  • The email is part of a large volume of similar spam/phishing messages mimicking brands like Marriott, Costco, Netflix, Ace Hardware, using obscure new TLDs including multiple .living domains.
  • New gTLD .living is associated with large-scale phishing campaigns according to a Unit 42 (Palo Alto Networks) report on newly released TLDs.
  • The domain resolves to an IP in a /24 block (102.135.108.0/24) that hosts multiple other suspicious domains used in the same spam campaigns.
  • No website content, business records, reviews, or legitimate references to hirednice.living were found on the web.
  • No presence on review sites (Trustpilot, ScamAdviser, Reddit) or any indication of a real business.
Scam reports (1)
Direct quotes from public scam databases, forums, and news.
  • fakemailgenerator.comopen

    "Marriot Welcome <marriotwelcome@hirednice.living>. A thank-you gift tied to your recent Marriott stay."

Impersonation / typosquat
Clone of marriott.com

Sender domain used in spoofed/phishing email impersonating Marriott with fake 'thank-you gift' subject

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research identified this domain in spam-tracking databases as a source of fraudulent Marriott-themed emails. These messages attempt to lure users with fake rewards to harvest their data. Security researchers have noted that this domain is part of a larger cluster of .living sites used for automated phishing attacks. No legitimate business presence or positive consumer feedback was found during our investigation.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (1)
  • Evidence confirms this site is a clone of marriott.com.
Linked signals (1)
Clone of marriott.com

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

0Malicious3Suspicious55Harmless92Engines
0
of 92
Abusix
Suspicious· spam
alphaMountain.ai
Suspicious· spam
Fortinet
Suspicious· spam

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Server Reputation

Abuse Intelligence
Confidence score22%
Reports on file3
ISPNorfolk Southern Railway Company
Usage typeUnknown

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
Moderate likelihood
30/100
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with hirednice.living

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags hirednice.living as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — hirednice.living scored 22/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • 3 out of 92 antivirus engines in our malware network flagged hirednice.living as malicious or suspicious. Even one detection is a meaningful signal.
  • No. hirednice.living is not currently listed on the major browser blocklist feeds that modern browsers use.
  • hirednice.living resolves to an IP operated by Norfolk Southern Railway Company in US. Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 19, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around hirednice.living have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·hirednice.living
DANGEROUS

This domain is a malicious Marriott clone used in phishing campaigns to steal personal information. It impersonates the hotel brand by offering fake 'thank-you gifts' via spam emails. Do not interact with any links from this sender.

Do not click any links or provide any personal information to this site. If you received an email from this domain, mark it as spam and delete it immediately.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust13
node8525qa.uruvita.com
2m ago
Read the review
Dangeroustrust12
thepcgames.net
2m ago
Read the review
Dangeroustrust1
steamsunlocked.com
60m ago
Read the review
Dangeroustrust25
tomomob.com
1h ago
Read the review
Dangeroustrust1
games1122.com
1h ago
Read the review
Dangeroustrust39
hdtodayla.com
1h ago
Read the review
Dangeroustrust41
projectfreetv.sx
1h ago
Read the review
Dangeroustrust1
lskannsserv.beer
2h ago
Read the review
Dangeroustrust8
etherfi-wc26.com
2h ago
Read the review
Dangeroustrust17
myartes.com
2h ago
Read the review
Dangeroustrust3
genesispool.org
2h ago
Read the review
Dangeroustrust8
writehis.living
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.